KUSD MMIO

2026-01-18 19:23:56 +00:00 · 2024-11-23 19:32:14 +01:00
parent 325e8115af
commit 2e2b4ffb2f
5 changed files with 282 additions and 112 deletions
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
@@ -50,95 +50,6 @@ namespace
 		emu.write_register(x64_register::msr, &value, sizeof(value));
 	}

-	emulator_object<KUSER_SHARED_DATA> setup_kusd(x64_emulator& emu, bool use_relative_time)
-	{
-		// TODO: Fix that. Use hooks to feed dynamic data, e.g. time values
-
-		emu.allocate_memory(KUSD_ADDRESS, page_align_up(sizeof(KUSER_SHARED_DATA)), memory_permission::read);
-
-		const emulator_object<KUSER_SHARED_DATA> kusd_object{emu, KUSD_ADDRESS};
-		kusd_object.access([&](KUSER_SHARED_DATA& kusd)
-		{
-			kusd.TickCountMultiplier = 0x0fa00000;
-			kusd.InterruptTime.LowPart = 0x17bd9547;
-			kusd.InterruptTime.High1Time = 0x0000004b;
-			kusd.InterruptTime.High2Time = 0x0000004b;
-			kusd.SystemTime.LowPart = 0x7af9da99;
-			kusd.SystemTime.High1Time = 0x01db27b9;
-			kusd.SystemTime.High2Time = 0x01db27b9;
-			kusd.TimeZoneBias.LowPart = 0x3c773000;
-			kusd.TimeZoneBias.High1Time = -17;
-			kusd.TimeZoneBias.High2Time = -17;
-			kusd.TimeZoneId = 0x00000002;
-			kusd.LargePageMinimum = 0x00200000;
-			kusd.RNGSeedVersion = 0x0000000000000013;
-			kusd.TimeZoneBiasStamp = 0x00000004;
-			kusd.NtBuildNumber = 0x00006c51;
-			kusd.NtProductType = NtProductWinNt;
-			kusd.ProductTypeIsValid = 0x01;
-			kusd.NativeProcessorArchitecture = 0x0009;
-			kusd.NtMajorVersion = 0x0000000a;
-			kusd.BootId = 0x0000000b;
-			kusd.SystemExpirationDate.QuadPart = 0x01dc26860a9ff300;
-			kusd.SuiteMask = 0x00000110;
-			kusd.MitigationPolicies.MitigationPolicies = 0x0a;
-			kusd.MitigationPolicies.NXSupportPolicy = 0x02;
-			kusd.MitigationPolicies.SEHValidationPolicy = 0x02;
-			kusd.CyclesPerYield = 0x0064;
-			kusd.DismountCount = 0x00000006;
-			kusd.ComPlusPackage = 0x00000001;
-			kusd.LastSystemRITEventTickCount = 0x01ec1fd3;
-			kusd.NumberOfPhysicalPages = 0x00bf0958;
-			kusd.FullNumberOfPhysicalPages = 0x0000000000bf0958;
-			kusd.TickCount.TickCount.LowPart = 0x001f7f05;
-			kusd.TickCount.TickCountQuad = 0x00000000001f7f05;
-			kusd.Cookie = 0x1c3471da;
-			kusd.ConsoleSessionForegroundProcessId = 0x00000000000028f4;
-			kusd.TimeUpdateLock = 0x0000000002b28586;
-			kusd.BaselineSystemTimeQpc = 0x0000004b17cd596c;
-			kusd.BaselineInterruptTimeQpc = 0x0000004b17cd596c;
-			kusd.QpcSystemTimeIncrement = 0x8000000000000000;
-			kusd.QpcInterruptTimeIncrement = 0x8000000000000000;
-			kusd.QpcSystemTimeIncrementShift = 0x01;
-			kusd.QpcInterruptTimeIncrementShift = 0x01;
-			kusd.UnparkedProcessorCount = 0x000c;
-			kusd.TelemetryCoverageRound = 0x00000001;
-			kusd.LangGenerationCount = 0x00000003;
-			kusd.InterruptTimeBias = 0x00000015a5d56406;
-			kusd.QpcBias = 0x000000159530c4af;
-			kusd.ActiveProcessorCount = 0x0000000c;
-			kusd.ActiveGroupCount = 0x01;
-			kusd.QpcData.QpcData = 0x0083;
-			kusd.QpcData.QpcBypassEnabled = 0x83;
-			kusd.TimeZoneBiasEffectiveStart.QuadPart = 0x01db276e654cb2ff;
-			kusd.TimeZoneBiasEffectiveEnd.QuadPart = 0x01db280b8c3b2800;
-			kusd.XState.EnabledFeatures = 0x000000000000001f;
-			kusd.XState.EnabledVolatileFeatures = 0x000000000000000f;
-			kusd.XState.Size = 0x000003c0;
-
-			if (use_relative_time)
-			{
-				kusd.QpcFrequency = 1000;
-			}
-			else
-			{
-				kusd.QpcFrequency = std::chrono::steady_clock::period::den;
-			}
-
-			constexpr std::wstring_view root_dir{L"C:\\WINDOWS"};
-			memcpy(&kusd.NtSystemRoot.arr[0], root_dir.data(), root_dir.size() * 2);
-
-			kusd.ImageNumberLow = IMAGE_FILE_MACHINE_I386;
-			kusd.ImageNumberHigh = IMAGE_FILE_MACHINE_AMD64;
-
-			memset(&kusd.ProcessorFeatures, 0, sizeof(kusd.ProcessorFeatures));
-
-			// ...
-		});
-
-		return kusd_object;
-	}
-
 	uint64_t copy_string(x64_emulator& emu, emulator_allocator& allocator, const void* base_ptr, const uint64_t offset,
 	                     const size_t length)
 	{
@@ -262,13 +173,16 @@ namespace
 		return canonical(absolute(path).parent_path()).make_preferred();
 	}

-	void setup_context(process_context& context, x64_emulator& emu, const emulator_settings& settings)
+	void setup_context(windows_emulator& win_emu, const emulator_settings& settings)
 	{
+		auto& emu = win_emu.emu();
+		auto& context = win_emu.process();
+
 		setup_gdt(emu);

 		context.registry = registry_manager(settings.registry_directory);

-		context.kusd = setup_kusd(emu, settings.use_relative_time);
+		context.kusd.emplace(win_emu, settings.use_relative_time);

 		context.base_allocator = create_allocator(emu, PEB_SEGMENT_SIZE);
 		auto& allocator = context.base_allocator;
@@ -795,7 +709,7 @@ void windows_emulator::setup_process(const emulator_settings& settings)
 	auto& context = this->process();
 	context.module_manager = module_manager(emu); // TODO: Cleanup module manager

-	setup_context(context, emu, settings);
+	setup_context(*this, settings);

 	context.executable = context.module_manager.map_module(settings.application, this->logger);